2.2. Risk Mitigation: Case Studies of Success and Failure
"Hey, I think we've been hacked!" The phone call, from a network administrator for a local insurance company, came on a Saturday afternoon. We were surprised. We had reviewed this company's production network environment extensively, and the thought that an attack had succeeded caused us considerable personal discomfort! Like police officers, however, our first thought was to preserve the crime scene.
"Did you unplug the computer from the network?" we asked.
"Yup," he replied.
"Good!" we exclaimed. "Don't turn it off! We'll be there in a half hour."
As we drove, we started reviewing our procedures for isolating a system, identifying its current state, imaging the drive, ...